how to clear a cookie value in request object

Mike Ellery mellery451 at gmail.com
Sat Nov 2 18:04:30 UTC 2013 

> Message: 5
> Date: Sat, 2 Nov 2013 03:41:26 +0400
> From: Maxim Dounin <mdounin at mdounin.ru>
> To: nginx-devel at nginx.org
> Subject: Re: how to clear a cookie value in request object
> Message-ID: <20131101234126.GJ95765 at mdounin.ru>
> Content-Type: text/plain; charset=us-ascii
>
> Hello!
>
> On Fri, Nov 01, 2013 at 09:41:20AM -0700, Michael Ellery wrote:
>
>> devs,
>>
>> I'm looking for advice about how to properly clear a cookie value from the current request so that it will be omitted
>> from the request when it goes upstream (to proxy). Here's the code I currently have:
>>
>>         static ngx_str_t my_cookie_name = ngx_string("MyMagicCookieName");
>>
>>
>>         ngx_uint_t         i;
>>         ngx_table_elt_t  **h;
>>         ngx_str_t  null_header_value = ngx_null_string;
>>         h = r->headers_in.cookies.elts;
>>         for (i = 0; i < r->headers_in.cookies.nelts; i++) {
>>             if (h[i]->value.len > my_cookie_name.len &&
>>                 0 == ngx_strncmp(h[i]->value.data, my_cookie_name.data, my_cookie_name.len))
>>             {
>>                 h[i]->value = null_header_value;
>>                 break;
>>             }
>>         }
>>
>>
>> my main concern is leaking memory -- will the nulling of this value cause memory to be leaked? If so, how can I fix this?
>>
>> A secondary concern is that I believe value can actually contain a list of comma separated of cookie name/vals, although
>> I've not actually encountered that problem so far. What would be the right way to wipe out only PART of the value data,
>> if that's indeed what I need to do?
>
> There are at least two problems with the above code:
>
> - It tries to modify r->headers_in, which is wrong.  The
>   r->headers_in contains headers as received from a client, and
>   they are not expected to be modified.  Modifications will likely
>   result in undefined behaviour.
>
> - As you correctly assume, there can be more than one cookie in a
>   single Cookie header (and usually there are - as long as there
>   are more than one cookie used for a domain).
>
> Proper solution would be to provide a new value for the Cookie
> header in a variable (taking into account multiple cookies in a
> single header), and then use
>
>     proxy_set_header Cookie $your_new_cookie_value;
>
> in configuration, much like with the $proxy_add_x_forwarded_for
> variable as available for X-Forwarded-For header modification.
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
>

Maxim,

Thanks for your helpful response. Is there a predefined variable that
I can use to store my modified cookie value or will I just need to
create a new custom variable value?

Thanks,
Mike


-- 
+++++++++++++++++++
Mike Ellery
mellery451 at gmail.com
+++++++++++++++++++

More information about the nginx-devel mailing list